Cisco Support Community

AnyConnect with Certificate and Start Before Login

We are using AnyConnect 2.4.1012 with a public key user certificate.

If the user has logged into their machine, plugs in their key, and starts AnyConnect, everything works fine.

If we try to use "Start Before Login" we get a "certificate is invalid for this group" error. 

SBL works fine if we use any other form of authentication (LDAP, SecurID, etc).

Any ideas?

1 REPLY

Re: AnyConnect with Certificate and Start Before Login

For certificate authentication to work with SBL, the client certificate will need to be available in the machine store so that the AnyConnect client can access it.  If the certificate is present in the machine store but AnyConnect does not have rights, you can try to update the AnyConnect XML profile to include the switch below.

true
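
A way to check the condition the reply describes, as an added example that is not part of the original thread: this PowerShell lists unexpired client-authentication certificates in the Windows machine store and the current user's store, and flags any that exist only in the user store. The function name `Get-ClientAuthCert` is made up for this example; run it on the Windows client after logging in.

```powershell
# Added example (not from the thread): compare client-auth certificates
# in the machine store and the current user's store.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Get-ClientAuthCert {
    # Hypothetical helper name, introduced for this example only.
    param([Parameter(Mandatory)][string]$StorePath)

    $now = Get-Date
    Get-ChildItem -Path $StorePath | Where-Object {
        $ekus = $_.EnhancedKeyUsageList
        # A certificate with no EKU extension is not restricted to any purpose.
        $ekuOk = (-not $ekus) -or ($ekus.ObjectId -contains $clientAuthOid)
        $ekuOk -and $_.NotBefore -le $now -and $_.NotAfter -ge $now
    } | ForEach-Object {
        [pscustomobject]@{
            Store         = $StorePath
            Thumbprint    = $_.Thumbprint
            Subject       = $_.Subject
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
        }
    }
}

$machine = @(Get-ClientAuthCert -StorePath 'Cert:\LocalMachine\My')
$user    = @(Get-ClientAuthCert -StorePath 'Cert:\CurrentUser\My')

$machine + $user | Format-Table -AutoSize

# Certificates found only in the user store are not available in the machine store.
$userOnly = @($user | Where-Object { $machine.Thumbprint -notcontains $_.Thumbprint })

if ($machine.Count -eq 0) {
    Write-Warning 'No usable client-authentication certificate in LocalMachine\My.'
}
foreach ($cert in $userOnly) {
    Write-Warning "User store only: $($cert.Subject) [$($cert.Thumbprint)]"
}
foreach ($cert in $machine | Where-Object { -not $_.HasPrivateKey }) {
    Write-Warning "Machine store, no private key: $($cert.Subject)"
}
```

A machine-store entry with `HasPrivateKey` set to `False` cannot be used for client authentication, so treat that warning the same as a missing certificate.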